Greetings again. This is a security review of draft-ietf-alto-reqs, "Application-Layer Traffic Optimization (ALTO) Requirements". An ALTO protocol would allow optimization of network resources when information is in multiple places; a client can ask a server where to get the information, and the server can give hopefully-intelligent answers based on what the server knows of the network load, server load, network topology, and so on. This document does quite a good job of covering the many security issues with such a protocol. It lays out many of the competing security considerations, particularly the privacy of each party and, being a requirements document, doesn't answer any of the hard questions that will need to come in the upcoming protocol document. --Paul Hoffman